SANS ISC InfoSec Forums

[UPDATE] We do see first exploit attempts. The exploit attempts to download additional code from 185.159.128.200 . We are still looking at details, but it looks like the code attempts to install a backdoor. The initial exploit came from 5.8.54.27.